Cloudflare-token action doesn't execute actionunban

[marcogiorgio]

Hi,
I am trying to setup fail2ban with the Cloudflare-token action. I did some tests and I noticed that the action creates the firewall rules correctly when one or more IPs should be banned but it doesn't remove them when the ban is lifted.
I am also using the Opnsense rule and it works fine, so I assume this issue is only related to the Cloudflare token action.

As a side note, I've also noticed that Cloudflare is going to deprecate the firewall APIs in favour of the WAF custom rules.

Anyway this is my custom jail.local file.. Is anyone experiencing the same issue? Thanks

jail.local

[DEFAULT]
# "maxretry" is the number of failures before a host get banned.
maxretry = 1
bantime = 20s

# Apply additional actions to all bans with all jails
action  = cloudflare-token[cfzone="ZONE", cftoken="TOKEN"]
          gotify[url="URL"]

[emby-auth]
# Apply additional actions only to bans for the emby-auth jail
enabled = true
chain   = INPUT
action  = %(known/action)s
          opnsense[alias="Fail2Ban", firewall="URL", key="KEY", secret="SECRET", allow_insecure=false]

[marcogiorgio]

Closing because it's kinda being discussed here

[naXa777]

@marcogiorgio, I don't think the issue discussed in #23 is the same.
I faced this problem with cloudflare-token action, I fixed it in my local configs, and now I'm looking for the right place to contribute my fix.
I reported my issue here: linuxserver/docker-fail2ban#36.
And proposed PR here: #36

for anyone facing this bug and looking for a hotfix, try URL-encoding the notes parameter in the GET request:

actionunban = id=$(curl -s -G "<_cf_api_url>" <_cf_api_prms> \
                        --data-urlencode "mode=<cfmode>" \
                        --data-urlencode "notes=<notes>" \
                        --data-urlencode "configuration.target=<cftarget>" \
                        --data-urlencode "configuration.value=<ip>" \
                       | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/"id\"/){print $(i+1)}}}' \
                       | tr -d ' "' \
                       | head -n 1)
              if [ -z "$id" ]; then echo "<name>: id for <ip> cannot be found using target <cftarget>"; exit 0; fi; \
              curl -s -X DELETE "<_cf_api_url>/$id" <_cf_api_prms> --data '{"cascade": "none"}'